Sunday, August 30, 2009

Reading the headlines the past few days on Slashdot, and other sites, you would think the world was ending. WPA IS BROKEN JUST LIKE WEP are a few of the headlines I've seen.

You can also see a SlashDot article (http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds?from=rss) reading "WPA Encryption Cracked in Under 60 Seconds!".

From these articles you would believe that WPA is SERIOUSLY flawed allowing an attacker to CRACK the encryption and ultimately read your sensitive data, get your TKIP key, and own everything on your wireless network. Unfortunately, this is one whopper of media hype. A great article REALLY explaining the vulnerability can be found here: http://wifinetnews.com/.

Ultimately no keys are cracked, no encryption is "broken", and your ultimately a little less safe then you use to be with TKIP. The vulnerability was actually introduced last year and just improved on by the Japanese researchers.

There are some serious implications with the improved attack though, most notably if you are fairly close to the client, have a directional antenna, and can intercept some traffic, you can potentially ARP cache poison the victim and have all traffic go through the attacker first. This has a wide spectrum of exposures from sniffing traffic to having a fake DNS server and serving up bad pages.

A couple other mentions are that this only affects TKIP because of the backwards compatibility with IV's and WEP, this does not affect AES. The TKIP key is NOT recovered, it is simply the MIC checksum for message integrity. Since this is only for short packets with known data, there are only a select avenue for attack (i.e. ARP).

Ultimately, this is still a vulnerability that can have some serious repercussions, it is not the doomsday message that everyone seems to be portraying.